• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

wpfgfx_v0400.dll Quarantined After 7/24 Windows 8.1 Updates

Product: Norton 360

OS Version: Windows 8.1

I discovered (purely by accident) that on 7/25, Norton 360 placed wpfgfx_v0400.dll in quarantine. I never got an onscreen alert about this detection. I just happened to check my quarantine, which I do from time to time so that I don't accidentally miss something.

The .dll is labeled as containing TROJAN.GEN.NP2. (See the first screen shot.) Since the detection came on the heals of a Windows Update, I suspected it could be a false positive.

An internet search didn't bring up any posts about this being a false positive in Norton 360, but I did find this thread about it being a false positive in Symantec Endpoint Protection: https://www.symantec.com/connect/forums/wpfgfxv0400dll-false-positive-se....

The .dll file name, detection, and detection location are the same on my machine as in this thread. (Second screen shot)

I rolled my machine back to a early July restore point to see if the file would show up again when I redid the Windows Updates. Sure enough, Norton made a second detection in the exact same location, but this time it did not quarantine the .dll file. (See the third screen shot.) I only see the original detection in my quarantine.

Safe Mode scans of my machine with both Norton 360 and Malwarebytes say my machine is clean, so my questions are these:

1. Can I be assured that this is in fact a false positive triggered by the 7/24 Windows 8.1 updates, and I'm not infected?

2. What should I do with the file currently in quarantine? Do I just delete it or does it need to be restored?

Thanks!

Replies

Kudos0

Re: wpfgfx_v0400.dll Quarantined After 7/24 Windows 8.1 Updates

Kudos0

Re: wpfgfx_v0400.dll Quarantined After 7/24 Windows 8.1 Updates

Thanks, but I already reviewed that thread and it answered neither of my questions.

Kudos0

Re: wpfgfx_v0400.dll Quarantined After 7/24 Windows 8.1 Updates

Maybe > submit event to Symantec Security Response < for further analysis...n'/or > Chat with Official Norton Support <.

Please tell what Norton is telling you regarding this event.
For information regarding this event > from Norton pop-up > View Details > Copy to Clipboard &or from Norton history > More Options > Copy to Clipboard > paste here.

Kudos0

Re: wpfgfx_v0400.dll Quarantined After 7/24 Windows 8.1 Updates

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.17.3.50 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: wpfgfx_v0400.dll Quarantined After 7/24 Windows 8.1 Updates

Sorry for the long delay on commenting back (work stuff kept me too busy). I submitted the file that was re-installed by Windows Update -- and again detected as a possible Trojan -- to Symantec as a False Positive. Incidentally, the possible Trojan detections stopped after 8/6, so it's likely that Symantec already whitelisted this file. I'll add Symantec's response to my FP submission when I have it. As for what Norton 360 is saying in the Quarantine section, here's the clipboard copy: Filename: wpfgfx_v0400.dll Threat name: Trojan.Gen.NPE.2Full Path: c:\windows\winsxs\x86_netfx4-wpfgfx_b03f5f7f11d50a3a_4.0.9664.17161_none_aadf6268cce74b6f\wpfgfx_v0400.dll ____________________________ ____________________________ On computers as of 8/19/2018 at 4:55:23 PM Last Used 7/25/2018 at 2:03:24 PM Startup Item No Launched No Threat type: Virus. Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium. ____________________________ wpfgfx_v0400.dll Threat name: Trojan.Gen.NPE.2 Locate Many Users Tens of thousands of users in the Norton Community have used this file. Mature This file was released 1 month ago. High This file risk is high. ____________________________ Source: External Media ____________________________ File Actions File: c:\Windows\WinSxS\x86_netfx4-wpfgfx_b03f5f7f11d50a3a_4.0.9664.17161_none_aadf6268cce74b6f\ wpfgfx_v0400.dll Removed ____________________________ File Thumbprint - SHA: Not available File Thumbprint - MD5: Not available

This thread is closed from further comment. Please visit the forum to start a new thread.